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PARTNER TRANSFORMATION GUIDE: SECURITY Introduction 


Partner Transformation Guides 


Successfully transforming your business to offer managed security services has important implications across 
several business dimensions. This series of guides describes these across Sales, Marketing, Services and 
Security, and provides advice on how to get started, grow and excel in managed security services as an IT 
partner. 


ADEM 


The intended audience for these guides are senior leaders, marketing executives and business owners of 
channel and partner organisations. 
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PARTNER TRANSFORMATION GUIDE: SECURITY Introduction 


Channel partners can tap into a growing market opportunity for managed security services. IDC has developed 
a Partner Assessment Tool to help partners better understand how well their business is placed to take 
advantage of the managed security services opportunity in this high-growth market. This assessment too! 
guides partners to progress from early to advanced stages of maturity across sales, services, marketing and 
security capabilities. 
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IDC Partner Assessment Tool 


What you need to be a profitable and growing MSP 


There are massive opportunities for partners in the 
managed security services space. 


This IDC Partner Assessment tool will help you discover how 
well your business is placed to take advantage of this. 


Simply answer some quick-fire questions on how you 
currently approach sales, marketing, services and security 
to receive a personalized assessment and set of key 
recommendations on taking your business to the next level. 





IDC has also developed this series of Partner Transformation Guides to provide deeper insight into how 
partners need to transform to successfully run a managed security services business. 


This edition describes the implications of offering managed security services on your approach to security 
services. In particular, it focuses on the impact of realigning a partner marketing organisation to the market 
realities of the recurring revenue model found in managed and cloud services. 
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PARTNER TRANSFORMATION GUIDE: SECURITY Market Opportunity for MSS 


Managed security services is the fastest growing security services segment. IDC's Western Europe Security 
Services Forecast estimates the compound annual growth rate (CAGR) for managed security services at 14.1% 
in 2016-2021, far outpacing other security services. This growth is being driven by four key market dynamics: 


Digital Transformation (DX) 


Furopean organisations are investing heavily 
in new technologies — especially cloud — 


to support their DX projects. They expect European spending On 


better performance from their IT and digital technologies and services that 
business innovation to remain competitive enable the digital transformation 
and be able to deliver new products, services of business practices, products and 


and experiences to their customers. IT 
spending is undergoing a massive shift 
toward cloud and cloud-based solutions 

as well as emerging technologies such as 
Artificial Intelligence and the Internet of 
Things. These technologies promise better 
performance and greater agility, and as such 


organisations is forecast to reach 


$378.2 


they are the enablers of digital business billion in 2022 
innovation. 


Source: Worldwide Semi-annual Digital 
Transformation Spending Guide 





Increased Complexity 


While investments in new technologies drive digital 
innovation and allow organisations to improve their 
competitive position, their successful deployment 
and integration also require organisations to manage 
much greater complexity. Increasingly, organisations 
will operate hybrid IT and multicloud environments. 
They leverage emerging technologies to gain business 
value from growing amounts of data. A necessarily 
more complex IT estate makes organisations subject 
to new vulnerabilities. As a result, organisations face a 
changing and increased threat potential. 
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PARTNER TRANSFORMATION GUIDE: SECURITY Market Opportunity for MSS 


Prioritising Security Investments 


Security is a key business priority for European organisations as part of their DX initiatives. Increased threats 
and complexity therefore drive major security investment as DX forces customers to rethink their security 
strategies. Along with technology, security requirements are equally becoming more complex and solutions 
have to evolve accordingly. The top security concerns for organisations include data breaches, malware, denial- 
of-service attacks, and insecure interfaces and application programming interfaces (APIs). Organisations seek 
comprehensive solutions that help them mitigate threats and prevent business disruption and reputational 
damage. 


Cybersecurity/data security 
expertise is the most sought-after skill _ 
in Europe accoraing to IDC's Technology 
Skills Survey | 


Source: IDC's Technology Skills Survey, December 2018 (European responses) 





Skills Shortage 


Successfully implementing DX initiatives requires organisations to manage increased complexity, but they are 
struggling to hire specialists with the right skills. This is particularly acute in the case of security skills, which 
are in high demand, but short supply. The changing nature of security operations, regulatory upheaval and a 
dynamic threat landscape add to this burden. 
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PARTNER TRANSFORMATION GUIDE: SECURITY Market Opportunity for MSS 


The Market Opportunity for Managed Security Services 
(Cont.) 


The Channel Opportunity 


These trends reinforce each other and create a large market opportunity for businesses like yours as 
organisations seek support from specialist partners. They will increasingly consider third-party security services 
providers to either augment their in-house capabilities or fully outsource the management of their IT security 
function. As a result, there is an opportunity to differentiate against competitors and open new revenue 
streams by building a practice to offer managed security services. 
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PARTNER TRANSFORMATION GUIDE: SECURITY Executive Summary 


Executive Summary 





In the next section we will look at how an No one is alone in their journey to become 
aspiring MSSP can start its journey and an MSSP. The ecosystem formed by vendors, 
differentiate itself in an increasingly crowded distributors and local partners can make things 
market. much easier than expected if someone knows 


We will start with a list of elements that MSSPs now to leverage these external resources. 


mee to «eso nn mme, LO Creve a SUlvalale Finally, we have included a set of short-, 
portfolio and then offer value to their end users. medium-, and long-term recommendations 
for you to follow step by step to evolve from a 


We will address the opportunity and challenge | 
secure provider to a fully fledged MSSP. 


represented by the skills shortage, highlighting 
steps that can be taken to acquire and retain the 
talent needed to create a sustainable business. 
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Differentiation 


Strategies: How to Differentiate for MSSPs 





Depth of advanced capabilities 


Breadth of portfolio is not everything; 
MSSPs should look into specialising 
based on the profile of the client base 
they want to focus on. 


Automation and orchestration 
The ability to automate security tasks 
and orchestrate security processes 

is a source of added value for MSS 
customers. 


- MSS portal 


This is key to the ability of in-house 
security professionals to work in step 
with their MSSPs. 


Vertical expertise 
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providers to develop expertise in specific verticals. 
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Innovation and R&D 


MSSPs should continuously invest in 
emerging technologies in order to 
harness their potential, increasing the 
value of their proposition. 


Broader portfolio 


Providing an end-to-end solutions 
portfolio will helo MSSPs to position 
themselves to end users as a one-stop 
shop. 


Relationship management 


Creating a strong partnership with 
clients will be a strong differentiator for 
those MSSPs that struggle to gain scale 
with their offering. 


As cybersecurity is increasingly seen as a business enabler, end users expect their security 
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Creating a Portfolio 


The NIST Cybersecurity Framework (CSF) 

is becoming the de facto standard control 
framework for large enterprises. It provides 
a taxonomy of controls to ensure that a 
cybersecurity program is comprehensive. 


m oa 4 » Zs 
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The NIST CSF is a taxonomy of 5 functions with 23 
categories and 108 sub-categories that express 
security control outcomes that are important to 
an enterprise security program. 


It provides a useful guideline for aspiring MSSPs 
as developing services and products that align 
with the 5 functions will in turn align with your end 
customers’ cybersecurity journey. 





NIST Framework 


When developing their offering, MSSPs should follow the NIST framework and 
its core set of functions 


^ O0 QA oa 
—9——O——0——0—0O- 


Identify Protect Detect Respond Recover 

Develop an Develop and Develop and Develop and Develop and implement 
organisational implement implement implement appropriate activities 
understanding appropriate appropriate appropriate activities to maintain plans 

to manage safeguards to activities to identify to take action for resilience and to 
cybersecurity risk ensure delivery of the occurrence of a regarding a detected restore any capabilities 
to systems, people, critical services. cybersecurity event. cybersecurity or services that were 
assets, data and incident. impaired due to a 
capabilities. cybersecurity incident. 


National Institute of Standards and Technology (NIST) 
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Security Skills 


As the industry endures a cybersecurity skills shortage that can only 
worsen, the requirement for MSS will inevitably increase. But service 
providers themselves are struggling to find the required talents to 


meet the growing demand. The following recommendations aim to 
address this. 
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PARTNER TRANSFORMATION GUIDE: SECURITY 


Recruiting processes need to be optimised. 

The HR department needs to work closely 

with security specialists to create an enticing 
description for each role so that job descriptions 
do not become a box-ticking exercise. 


Grassroot initiatives, though they take longer 

to bear fruit, are a long-term solution that 

can promise a constant stream of resources 

in return for the investment. These can span 
from creating ad hoc academic paths with local 
institutions (e.g., Novosco with Belfast University) 
to recruiting profiles with a set of soft skills easily 
transferrable to cybersecurity (e.g., Amazon and 
Fortinet recruiting army veterans). 


Often firms accept only candidates with prior 
experience. This further restricts the number of 
suitable applicants and makes the hiring process 
slower and more costly. Accepting entry-level 
candidates and training them on the job will help 
to expand the reach. 
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Security Skills 





Especially at the early stages of creating a team 
of cybersecurity experts, investing in contractors 
is a quick and efficient way to hit the ground 
running, although this should not be considered 
a long term solution. Invest in contractors to plug 
holes while finding more permanent manpower. 
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The following matrix provides guidance on how organisations can start to balance between short- and long- 
term initiatives to simultaneously address the immediate skills gaps, while investing in longer term sustainable 
solutions. 


The matrix provides four key considerations: 


n 





Fase of Time to Long-term Cost 
execution realisation solution or not 


G Excellent a) Strong q) Good (» Poor C) Very poor 


EASE OF TIME TO LONG-TERM 
EXECUTION REALISATION SOLUTION 


Hire contractors 










Grassroot initiatives 


Upskill employees 


Train graduates 


Automate tasks with Al 


€ (»/(»O0/0 


N/A 
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Retain current employees 
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Leveraging your partner ecosystem can be one of the most effective ways to address the skills shortage, while 
adding more capacity, capability, and the scale of your security operations. 
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Leveraging the Ecosystems 


The journey to become a fully fledged MSSP can appear complex 
and resource-draining. But thanks to rapid growth in demand, many 
established vendors and distributors are investing in partnerships 
with aspiring service providers. The path to become an MSSP can be 
easier than expected, if someone knows where to look! 
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PARTNER TRANSFORMATION GUIDE: SECURITY The Ecosystem 


At the beginning of their journey, aspiring MSSPs should leverage the offerings of more mature providers of 
security services, especially when it comes to more complex offerings like SOC and MDR. 





The European market is highly fragmented, and SMEs especially prefer to deal with local players that speak 
their language and understand local dynamics. Partnering with national players before establishing a 
presence in a new geography will be paramount to create a solid foothold. 


Distributors Vendors 

operate as a middleman between vendors and play a key role in the development of an MSSP, 
2-tier channel partners, streamlining the vast with many offering specific partner programs 
and diverse offerings of security products and that include step by step phases. MSSPs should 
providing training and certifications, especially focus on a carefully selected number of vendors, 
in countries where vendors do not have a direct building their portfolio of services upon a 
presence. standardised technology stack. 


SOC = Security Operations Centres from which MSSPs deliver remote management or monitoring of IT security functions 


MDR - IDC defines MDR as a combination of a number of technologies that provide continuous and proactive security and threat monitoring, detection, incident analysis and 
response services that correlates and collects client environment-specific threat intelligence and telemetry. 
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PARTNER TRANSFORMATION GUIDE: SECURITY The Ecosystem 


A Road Map to Security Services 


The journey from SP to MSSP can be taken in incremental steps. Education and training services are an easy 
and cost-effective way to get started. As you progress, think about adding more advanced services and support, 
such as security consulting, managed SOC and Al capabilities. 


IDC has mapped out the different security services and technologies to the different levels of MSSP maturity. 
This allows partners of any size to quickly identify where you are on your MSSP journey, from both a services 
and technology perspective, as well as which solutions you may consider adding into your offering to enhance 
your MSSP business further. 
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Call to Action 


Priorities to grow your managed security services business and accelerate your 


transformation include: 


Build up cybersecurity skills 


This can be challenging in the current market, 
but there are solutions that will provide 

the necessary skills in the short and long 
term (e.g., contractors, upskilling current 
employees). 


Choose the right vendors 


This is true for both products and support offered. 


© When it comes to portfolio priorities, MSSPs 
can either go for better integration of the 
different tools or for best in class solutions, 
but it will be difficult to get both because of 
the highly fragmented nature of the market. 


Different vendors have different approaches 
when it comes to partners and especially 
MSSPs. They can provide different levels of 
support and have different route to market 
Strategies (e.g., vendors that provide their 
services directly might end up in conflict with 
their partners). 


Start defining a client base 


Not all the current clients will be suitable 
buyers of managed security offerings. Careful 
consideration has to be made before starting 
to upsell and target new clients. Priority should 
be given to those clients with which there is a 
stronger relationship, building up trust. 


IDC EUR#146171320 it 


Products and services 


At this stage offerings should include infrastructure 
management, education and training, help desk (Tier 
1 support), endpoint AV, secure device management, 
patch management and system integration. 





Keep it direct and personal 


Building tight relationships with clients at this stage 
is the best strategy to level the field against bigger 
and better established MSSPs as these cannot 
closely follow all their clients, especially SMEs. This 
will allow the security provider to build customised 
and targeted solutions with the added positive effect 
of specialising on a lower set of features, keeping 
costs down. 
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Priorities to grow your managed security services business and accelerate your 
transformation include: 


Align with sales 


Align dedicated marketing teams with sales so that together they can track the customer journey. The 
combined marketing and sales function should begin developing messaging around business outcomes with a 
highly aligned approach. 


Improve efficiencies 


As they expand their portfolio of offerings, 
security specialists need to keep an eye 
on the efficiency of their service delivery. 
Starting to automate processes, as well as 
orchestration among solutions, will make 
scaling up easier, as new deployments 
consume fewer resources. More efficient 
operations can also reduce time to market 
because adding new services does not 
necessarily require the service provider to 
add staff with specific skills and expertise. 





Add value proposition 


In addition to providing a wider range of technology-focused services, security specialists should expand their 
offering with consulting services, such as penetration testing, digital forensics and risk monitoring. These types of 
value-added services must be built on a solid foundation of effective and efficient security technologies, both to 
ensure the accuracy of information being analysed and to minimise the staff time consumed by rote security tasks. 


Products and services 


At this stage the offering should include penetration testing, security consulting, service desk (Tier 2 Support), 
threat intelligence, DLP & encryption, vulnerability management, identity and digital trust 





IDC EUR#146171320 1 4 = [DC 


ANALYZE THE FUTURE 


PARTNER TRANSFORMATION GUIDE: SECURITY Call to Action 


Reaching Maturity as an MSSP 


As you expand and optimise your managed security services business, your marketing 
strategy should continue to evolve to ensure success and profitability by focusing on 
the following: 


Iterate and improve Multitier offering 

Your dedicated marketing team should have The augmented sophistication of the offering now 

a continuous improvement mindset and be allows the MSSP to divide its offering into different 
looking to analyse and measure the success of tiers, with those that consume more resources 
modern marketing campaigns on an ongoing (e.g., dedicated SOC analysts) reserved for premium 
basis. clients. 
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Specialise and target verticals 


As the security portfolio and consulting 
services mature, it is important for an MSSP 
to build up expertise in specific verticals 

to position itself as a partner that fully 
understands the business outcomes and the 
best technologies to be implemented by its 
end users. 


Streamline vendors 


As the services portfolio broadens, vendor 
selection becomes increasingly important as 
managing relationships with tens of different 
vendors can be cumbersome for security staff. 
Moreover, the more point products there are 
in an infrastructure, the less likely they will be 
to share information about threat detection 
and mitigation efforts in a timely manner, 
impacting both security and profitability. 
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Call to Action 


Automation potential 


Al-driven security tools at this stage are vital, 
especially to automate time-consuming and 
repetitive tasks and to operate a filter against the 
sheer amount of alerts generated by the different 
security tools. This will greatly increase efficiencies, 
allowing security analysts to dedicate themselves to 
better supporting the end user and at the same time 
reducing the risk of burnout. 





Products and services 


At this stage the offering should include: log 
monitoring/management/analysis, incident alerting 
and response, 24x7 managed SOC, managed SIEM, 
MDR, SOAR, threat hunting and advanced service 
desk (Tier 3 support). 
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| earn More 


Partner assessment tool: Take the assessment test — 


IDC InfoBrief: How partners can seize the managed security services market opportunity in Europe 


Partner Transformation Guides 


Get in touch with Trend Micro 
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International Data Corporation (IDC) is the premier global provider of market intelligence, advisory services, 
and events for the information technology, telecommunications, and consumer technology markets. IDC helps 
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purchases and business strategy. More than 1,100 IDC analysts provide global, regional, and local expertise 

on technology and industry opportunities and trends in over 110 countries worldwide. For 50 years, IDC has 
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the world's leading technology media, research, and events company. 
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